Re: [dnsop] Delegation inconsistency clarification

Mon, 24 Apr 2006 17:30:14 -0700 

John Kristoff wrote:


I'm hoping someone can clue me in on the issues involving delegation
inconsistency of TTLs.  Here is an example zone as seen from the
TLD:

 ;; ANSWER SECTION:
 king.com.               172800  IN      NS      ns.fjordnetwork.com.
 king.com.               172800  IN      NS      ns.midasplayer.com.

then each authoritative server shows the following:

 ;; ANSWER SECTION:
 king.com.               300     IN      NS      ns.fjordnetwork.com.
 king.com.               300     IN      NS      ns.midasplayer.com.

 ;; ADDITIONAL SECTION:
 ns.fjordnetwork.com.    3600    IN      A       62.80.210.14
 ns.midasplayer.com.     300     IN      A       217.212.244.66

First, the NS RRset has differing TTL values at the parent and child.
Strictly speaking I thought this was a configuration error.  Is it?


Don't believe so.


If so, what are the potential issues in such a TTL mismatch that may
cause problems with this zone?


None that I can think of.
If the delegation NS TTLs were so low that the records expire before an answer can be obtained from the delegated nameservers, then this might cause a problem, but that's not a _consistency_ problem, _per_se_, just a generic problem with TTLs that are too small.
Bear in mind that the apex NS records in the child are more "credible" and will therefore, if available, take precedence over the delegation NS'es. So under normal circumstances the delegation NS records are "ephemeral" anyway, and so the TTL on those records is not of critical importance. 


Second, strictly speaking I thought the TTL mismatch for the TTLs in
A records as shown in the additional section is not a configuration
error.  Is that the case?  What if any issues might result from that
configuration?
That isn't a configuration error either. ns.fjordnetwork.com/A and ns.midasplayer.com/A are completely different RRsets, so there is no "consistency" requirement between them. I can't think of any problems that would be caused by this inconsistency. Obviously the 300-second-TTL record is much more likely to have to be re-fetched more often than the 3600-second-TTL record, in order to be used, but that's true for *any* relatively-low-TTL RRset, not just in the delegation/referral/glue context. 

- Kevin



.
dnsop resources:_____________________________________________________
web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html
mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html

Reply via email to